summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorToon Claes <toon@gitlab.com>2018-01-24 09:44:07 +0100
committerToon Claes <toon@gitlab.com>2018-01-24 09:44:07 +0100
commit45b62dfd324318959ff6fa37f9d3f8a1a95b4aa7 (patch)
treebeeed9700cbaa4c57c1b3a72a30d9409b43a1d31
parentd38faa30ed6fb79964b25fce843cb57db1bdb198 (diff)
downloadgitlab-ce-45b62dfd324318959ff6fa37f9d3f8a1a95b4aa7.tar.gz
Make the exposing of the Application secret more explicitPNSalocin/gitlab-ce-24035-api-create-application
To make it more clear to developers that the entity exposes the application secret, define a separate entity that only should be used when the secret is needed (probably only on creation).
-rw-r--r--lib/api/applications.rb4
-rw-r--r--lib/api/entities.rb6
2 files changed, 7 insertions, 3 deletions
diff --git a/lib/api/applications.rb b/lib/api/applications.rb
index 142ba73a53d..b122cdefe4e 100644
--- a/lib/api/applications.rb
+++ b/lib/api/applications.rb
@@ -6,7 +6,7 @@ module API
resource :applications do
desc 'Create a new application' do
detail 'This feature was introduced in GitLab 10.5'
- success Entities::Application
+ success Entities::ApplicationWithSecret
end
params do
requires :name, type: String, desc: 'Application name'
@@ -17,7 +17,7 @@ module API
application = Doorkeeper::Application.new(declared_params)
if application.save
- present application, with: Entities::Application
+ present application, with: Entities::ApplicationWithSecret
else
render_validation_error! application
end
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index cfe9a8704bc..7b9a80a234b 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -1160,8 +1160,12 @@ module API
class Application < Grape::Entity
expose :uid, as: :application_id
- expose :secret
expose :redirect_uri, as: :callback_url
end
+
+ # Use with care, this exposes the secret
+ class ApplicationWithSecret < Application
+ expose :secret
+ end
end
end